Klocwork and ISO 26262

Klocwork is certified (pre-qualified) by Tüv Süd for use in ISO 26262 projects. Klocwork’s analysis can be used to cover a range of guidelines specified in Section 6 of the standard, Product development at the software level. Klocwork’s client-server architecture simplifies and streamlines the process of managing compliance to coding standards, such as MISRA, which form a key feature of the ISO 26262 requirements from the static analysis aspect.

The process of managing MISRA conformance (including deviations), can be illustrated using the process described in the diagram below. This follows the lifecycle of an issue detected and suppressed at the developer’s desktop, to being reviewed and approved/declined on the Klocwork server via a code review.

Klocwork defect lifecycle in a safety standard process

The different statuses in the workflow illustrated by the diagram are explained below:

Analyze – default initial status for a new issue detected

Ignore –used by developers to suppress issues

Defer – used to approve suppresions

Fix – used to deny suppressions

To generate MISRA compliance reports we can filter Klocwork issues by MISRA-C/C++ and “status:Defer”.

If a developer does not suppress an issue, we can automatically create a task for this (e.g. in JIRA) and the developer is then responsible for setting the status to “Ignore” and the rest of the workflow stays the same.

There is also the possibility to perform Code Reviews on issues before the integration analysis, using Klocwork’s Code Review tool.

Compared to traditional deviation processes, e.g. comments in the code and XML/Spreadsheets to track the deviations, Klocwork’s approach will streamline your development process. Moreover, everything you need to do as a developer can be done from within your IDE – no need to jump around between different tools.